diff options
| author | Jeff King <peff@peff.net> | 2017-03-28 15:46:56 -0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2017-03-30 14:59:50 -0700 |
| commit | 1a168e5c86d2c6cbb57429473357bdf1acdec63c (patch) | |
| tree | 7a22f1e29fad8eb65e1fb7e9eec01bd10c37716b /sha1_file.c | |
| parent | 0dc3b035e03a4028a22cd2a8b5f21086e3227047 (diff) | |
| download | git-1a168e5c86d2c6cbb57429473357bdf1acdec63c.tar.gz | |
convert unchecked snprintf into xsnprintf
These calls to snprintf should always succeed, because their
input is small and fixed. Let's use xsnprintf to make sure
this is the case (and to make auditing for actual truncation
easier).
These could be candidates for turning into heap buffers, but
they fall into a few broad categories that make it not worth
doing:
- formatting single numbers is simple enough that we can
see the result should fit
- the size of a sha1 is likewise well-known, and I didn't
want to cause unnecessary conflicts with the ongoing
process to convert these constants to GIT_MAX_HEXSZ
- the interface for curl_errorstr is dictated by curl
Signed-off-by: Jeff King <peff@peff.net>
Diffstat (limited to 'sha1_file.c')
| -rw-r--r-- | sha1_file.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sha1_file.c b/sha1_file.c index 71063890ff..43990dec73 100644 --- a/sha1_file.c +++ b/sha1_file.c @@ -3762,8 +3762,8 @@ static int for_each_file_in_obj_subdir(int subdir_nr, char hex[GIT_SHA1_HEXSZ+1]; struct object_id oid; - snprintf(hex, sizeof(hex), "%02x%s", - subdir_nr, de->d_name); + xsnprintf(hex, sizeof(hex), "%02x%s", + subdir_nr, de->d_name); if (!get_oid_hex(hex, &oid)) { if (obj_cb) { r = obj_cb(&oid, path->buf, data); |